  1. #1
    Just Joined!
    Join Date
    Mar 2008
    Location
    Lincoln, NE
    Posts
    2

    Deny user in Apache 2.0


    I'm running Apache 2.0.52 on RedHat Enterprise Linux 4. Authentication is done via samba/winbind to our Active Directory server, and is working fine. I'm currently restricting access to a particular directory to just a certain AD group with the following config:

    <Location "/">
    AllowOverride None
    AuthType Basic
    AuthName "Documentation"
    AuthPAM_Enabled on
    AuthPAM_FallThrough off
    Require group "domain\group1"
    Require group "domain\group2"
    Require user "domain\someuser"
    </Location>

    Those two groups are rather large, and are used for many things on our network. However, for this web server, I want to be able to exclude one user from within group1. This user still needs access to all the other stuff on the network that uses group1 for access control, so I can't just remove him from the group. I also don't want to have to maintain two separate, but nearly equal, groups.

    Does Apache have any way to deny access to a particular username, even if they've given valid credentials?

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Since I believe order matters, could you put the deny statement before you allow the group? I haven't tried it, but it might work.

  3. #3
    Just Joined!
    Join Date
    Mar 2008
    Location
    Lincoln, NE
    Posts
    2
    The problem is that I don't know the syntax to reject based on a username. The standard "deny" command operates on hostnames & domains, not on users.

  4. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    I think you're right.

    The only option I can see is to require the group, and then right after that require the list of users. That way you don't have to affect your AD but limit just for Apache. I can't really see any other way. You might want to sign up for the Apache mailing list and ask there.
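
Added example (not from the thread or from the Apache project): one way to keep the explicit user list from post #4 in step with AD without editing AD, by turning group(5)-format records, the format `getent group` prints, into a single `Require user` directive with the excluded accounts removed. The `EXAMPLE` domain, the account names and the case-insensitive name comparison are assumptions, and nested groups are not expanded.

```python
"""Added example: build one explicit `Require user` line from group records."""

# Constructed sample input in group(5) format: name:passwd:gid:member,member
SAMPLE = [
    r"EXAMPLE\group1:x:10001:EXAMPLE\alice,EXAMPLE\bob,EXAMPLE\carol",
    r"EXAMPLE\group2:x:10002:EXAMPLE\Bob,EXAMPLE\dave",
]


def parse_group_line(line):
    """Parse one group(5) record into (group_name, [members])."""
    fields = line.rstrip("\n").split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"not a group(5) record: {line!r}")
    members = [m.strip() for m in fields[3].split(",") if m.strip()]
    return fields[0], members


def require_user_line(group_lines, denied):
    """Merge the members of every group, drop denied accounts, return the directive.

    All groups are merged into one list so that an excluded account cannot
    get back in through membership of a second group.
    """
    # Assumption: AD account names are compared case-insensitively.
    deny = {d.lower() for d in denied}
    seen, allowed = set(), []
    for line in group_lines:
        _, members = parse_group_line(line)
        for member in members:
            key = member.lower()
            if key in deny or key in seen:
                continue
            if '"' in member:
                # A quote would break out of the quoted argument in httpd.conf.
                raise ValueError(f"unsafe account name: {member!r}")
            seen.add(key)
            allowed.append(member)
    if not allowed:
        # Fail closed rather than write a Require line that names nobody.
        raise ValueError("no users left after exclusions")
    return "Require user " + " ".join(f'"{m}"' for m in allowed)


if __name__ == "__main__":
    print(require_user_line(SAMPLE, [r"EXAMPLE\bob"]))
```

The generated line is meant to replace the `Require group` lines rather than sit beside them: Apache 2.0 grants access when any one `Require` directive matches, so a remaining `Require group` that contains the excluded account would still let it in. The list has to be regenerated whenever group membership changes.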
